Secondary DNS controller for Windows domain

Steven Stern subscribed-lists at sterndata.com
Thu Oct 7 13:44:47 UTC 2004


On Wed, 6 Oct 2004 08:44:07 +0200 (CEST), "Roger Grosswiler" <roger at gwch.net>
wrote:

>Hi Steve,
>
>you can configure bind acting as a slave, but telling your fc2-box to forward queries to external servers, if no
>result is given by your zone.
>
>so, your /etc/named.conf:
>
>
> more named.conf
>// generated by named-bootconf.pl
>
>options {
>        directory "/var/named";
>        /*
>         * If there is a firewall between you and nameservers you want
>         * to talk to, you might need to uncomment the query-source
>         * directive below.  Previous versions of BIND always asked
>         * questions using port 53, but BIND 8.1 uses an unprivileged
>         * port by default.
>         */
>        // query-source address * port 53;
>
>        notify no;
>        forward first;
>        forwarders { ip-address of an external dns-server1; ip-address of an external dns-server2; } ;
>};
>this entry forwards queries to the forwarders, if no internal dns-server brings an appropriate answer......now,
>indicate your slave-zone in /etc/named.conf, eg:
>
>zone "your_zone" {
>        type slave;
>        file "/var/named/zonefile.hosts";
>        masters {
>                ip-address-of-your-master-dns;
>                };
>        allow-transfer {
>                ip-address-of-this-slave; { key rndckey; };
>                };
>        };
>the option { key rndckey; }; has to be inserted, if your master-dns-server requires a password for the zone-download.
>if your master-dns doesn't require this, you can remove this option. otherwise, you will find a file in /etc/ called
>rndckey. insert the password in there. as i remember, by default w2k doesn't require one (but i can be wrong...) the
>password should be encrypted.
>
>if you've done this, make sure, /var/named has 775 to user and group named, otherwise, the update will fail.
>


Thanks. Your instructions were perfect.  Unfortunately, I had to do this with
the Windows version of Bind and not Linux.  I went through my customer's
inventory of old computers looking for one good enough to be a minimal Linux
DNS server (or enough parts to cobble one together). All were so old and tired
that I destroyed their hard disks and tossed them.  I used the spare Windows
2K Pro workstation instead, installing Bind 9.3, and following your
instructions I have a happy slave DNS server.
-- 
  Steve 
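
The slave-plus-forwarders setup discussed in this thread, written out as one complete BIND 9 named.conf (an added example, not part of the original posts). The zone name, addresses, the key name "xfer-key" and the secret are placeholders, and it assumes a master that accepts TSIG-signed transfer requests.

```conf
// Constructed example: every name, address and secret below is a placeholder.

// Shared secret for signing zone-transfer requests (TSIG).
// Assumption: the same key is configured on the master.
key "xfer-key" {
        algorithm hmac-sha256;
        secret "REPLACE_WITH_BASE64_SECRET";
};

// Clients that may use this server for recursive lookups.
acl "internal" { 127.0.0.1; 192.0.2.0/24; };

options {
        directory "/var/named";

        // Answer from the local slave zone when possible; send everything
        // else to the external resolvers, falling back to normal
        // recursion if they do not answer.
        forward first;
        forwarders { 198.51.100.1; 198.51.100.2; };

        // Recursion only for known clients, so the box is not an open resolver.
        recursion yes;
        allow-recursion { "internal"; };

        // This slave does not notify or feed any other server.
        notify no;
        // allow-transfer controls who may copy zones FROM this server.
        allow-transfer { none; };
};

zone "example.internal" {
        type slave;
        // named rewrites this file after each transfer, so the directory
        // must be writable by the account named runs as.
        file "slaves/example.internal.db";
        // The key named here signs the transfer requests sent to the master.
        masters { 192.0.2.10 key "xfer-key"; };
};
```

named-checkconf validates the file before a reload. If the master cannot use TSIG, drop the key clause from masters and restrict transfers by source address on the master instead.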
   



